- New WhatsApp Bugs Could’ve Let Attackers Hack Your Phone Remotelyby email@example.com (Ravie Lakshmanan) on April 15, 2021 at 6:55 am
Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what’s known as a “man-in-the-disk” attack that makes it possible for
- NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Serversby firstname.lastname@example.org (Ravie Lakshmanan) on April 15, 2021 at 5:57 am
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that’s said to be
- Critical Exchange Server Vulnerabilities let Attackers Execute Remote Codeby Guru on April 14, 2021 at 5:22 pm
Microsoft has released security updates for vulnerabilities found in the below versions of Exchange servers on the 13th April 2021 which is depicted as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483 Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 Updates Available for Specific Builds: These updates are available for the following specific builds of Exchange Server: Exchange The post Critical Exchange Server Vulnerabilities let Attackers Execute Remote Code appeared first on Cyber Security News.
- 100 Million+ Devices Affected With Critical WRECK DNS Implementation Flawsby Guru on April 14, 2021 at 3:21 pm
JSOF team together with Forescout Research Labs, have revealed a set of nine vulnerabilities related to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE). This vulnerability set, known as NAME: WRECK, could potentially allow attackers to take target devices offline or take control over them. NAME:WRECK Affects The post 100 Million+ Devices Affected With Critical WRECK DNS Implementation Flaws appeared first on Cyber Security News.